Keeping Our Economy, Our Citizens, and Our Companies Safe, Secure, and Confident in a Digitally Connected World
Remarks prepared for delivery.
Thank you, Peter. I do wish we could be together in person, but COVID has of course forced us all to find new ways of getting together. And new ways of doing business. And we’re not alone. It turns out, unfortunately, that the pandemic has led criminals to new and creative ways of doing business, too.
I’d like to talk to you today about some of the top financial crime threats and trends we’re seeing at the FBI, what we’re doing to counter those threats and stop those trends. I’ll also share some thoughts about what all this means for banks.
Let’s start with a prototypical fraud example from this past year. It’s one you may have heard of: As most of you know, the Paycheck Protection Program (PPP) allows businesses to borrow up to $10 million to, essentially, make payroll and keep their employees working. Last April, a man named Maurice Fayne, who owns a business called Flame Trucking, applied to United Community Bank for a PPP loan.
Mr. Fayne wanted United Community Bank to disburse $3.7 million to him. And to get it, Fayne certified to the bank that his business employed 107 people and had an average monthly payroll of nearly $1.5 million. Fayne said that the loan proceeds would be used to pay workers and ongoing business expenses. Based on the representations in Fayne’s application, the Georgia-based bank funded a loan of more than $2 million.
Within days, Fayne, who also starred in the reality TV program Love & Hip Hop: Atlanta, allegedly used those funds to purchase $85,000 in jewelry, lease a Rolls Royce, and pay $40,000 in child support. Oh, and he dispersed another $230,000 to associates who helped him run a Ponzi scheme. Needless to say, that’s not the kind of “payroll” contemplated by the CARES Act.
Fayne’s now been charged with bank fraud, making a false statement to a federally insured financial institution, and money laundering. And we’re in the process of seizing $700,000 back from him.
As this audience likely knows, PPP loan applications must be processed by a participating financial institution. If a PPP loan application is approved, the lender funds the loan using its own money, which is 100% guaranteed by the Small Business Administration (SBA).
The good news for United Community Bank, and other banks like it, is that PPP loans are guaranteed by the SBA even if the borrower’s application turns out to have been based on fraud. The SBA will review the loan to ensure the lender followed the program rules in approving and servicing the loan, and if so, will purchase the loan from the victim bank.
The bad news, as a lot of you know, is the immense cost in time and resources that frauds like this impose on banks like United Community Bank. CARES Act frauds have highlighted the burdens and challenges that financial institutions face when trying to undo the damage done by the fraudsters. And for banks in particular, it takes time and energy to prove on the back end that they did their part at the due diligence stage.
At bottom, illicit actors are opportunists. So it’s no surprise that they would attempt to exploit the global COVID pandemic to enrich themselves. That’s why one theme I’ll return to again and again today is the vital importance of working together—law enforcement, regulatory agencies, and the private sector—to stop criminals from defrauding our banks and otherwise abusing the financial system to advance their crimes.
Financial Crime Trends
When it comes to evolving technologies, criminal actors have all too often been quick studies in an effort to stay one step ahead of law enforcement. Financial crimes are no exception. Over the past nine months, emerging financial crime trends have revolved around COVID fraud and CARES Act stimulus funds—fraud involving unemployment insurance, PPP loans, and Small Business Economic Injury Disaster Loans. The FBI’s Internet Crime Complaint Center, or IC3, which allows the public to report suspected internet-facilitated criminal activity to the FBI, has received more than 26,000 complaints specifically related to COVID-19 fraud schemes. That’s 26,000 fraud complaints—and you can bet banks are roped in, one way or another, in just about all of them.
In response, we’ve established a COVID-19 Fraud Response Working Group with the Department of Justice, other law enforcement partners, and civil regulators. The group is going after criminals trying to exploit this pandemic to make a quick buck. In one well-publicized case, former NFL Player Joshua Bellamy was charged with wire fraud and bank fraud for conspiring to obtain millions of dollars in fraudulent PPP loans. A bank disbursed to the former New York Jet—and as a Giants fan, I feel compelled to stress that he was a New York Jet—a $1.2 million loan for his entertainment company.
As charged, he then used the proceeds to spend more than $100,000 on Dior, Gucci, jewelry, and tens of thousands more at the Seminole Hard Rock Hotel and Casino in Hollywood, Florida. But that wasn’t enough. Bellamy was allegedly so pleased with this fraud scheme that he looped in his friends and family. And in the end, the scheme involved the preparation of at least 90 fraudulent applications and bank payouts of at least $17.4 million. That means banks are on the hook for that $17.4 million unless or until they can prove to the SBA that they diligently followed the program rules in approving and servicing those loans.
In addition to COVID-related fraud, we’re seeing a range of other fraud schemes, and one thing that we’re seeing across them is the use of money mules. As this audience is acutely aware, criminals often use money mules—that is, middlemen—to deposit illegally acquired funds into bank accounts. Money mules pass funds through wire transfers or virtual currency to add another layer between criminals and victims. Why? To make it that much harder for both banks and law enforcement to follow the trail. That’s why it’s absolutely essential that banks and law enforcement work together to fight back.
And with help from financial institutions, we are fighting back. Just last week, the Justice Department announced the results of an initiative that took action against more than 2,000 money mules. Two thousand. These individuals help victimize everyone from veterans to grandparents, and they put banks right in the middle of it all.
The opportunism doesn’t end there. With a growing number of people doing most of their shopping from home to avoid COVID, we’ve seen a rise in e-skimming, where hackers steal personal and payment information as consumers shop online. They then use that information to make fraudulent purchases themselves. Or they sell it to someone who will.
Financial institutions, like credit card companies, can then find themselves on the hook. Our private sector partners indicate that e-skimming attacks have grown by at least 20% during the pandemic. We also continue to see a rise in synthetic identity fraud, where large amounts of personal data stolen during an online breach are combined with false information to create new identities. Fraudsters use these synthetic identities to apply for credit, eventually establishing credit history and higher credit limits. Just one bad guy can accumulate hundreds of accounts simultaneously, using techniques like credit piggybacking to accelerate the accrual of higher credit limits. And all this financial fraud then lands at your doorstep.
Along with these emerging trends in financial crimes, money laundering schemes continue to underpin many of our investigations. We’ve identified money laundering networks that support otherwise unrelated criminal networks, including a mix of international criminal organizations and national security threats. We’re also seeing things like trade-based money laundering, which uses trade transactions to disguise criminals’ ill-gotten gains. To combat these phenomena, we’re working with other government agencies, financial institutions, and other private sector partners. We’re engaging with leaders, like you, in the banking and technology industries to enhance the FBI’s capabilities and exchange information. And we’re using technology to help make the most of the copious data that financial fraudsters can’t help but produce.
Platforms like IC3 give us the ability to ingest large amounts of data and identify and analyze fraud patterns that may not be visible to a complainant. For instance, a fraud victim in one city can be matched up to a pattern of similar fraud victims across the country through analytical reviews of data sets—allowing us to broaden our investigations and identify other potential subjects.
Our field offices also have Suspicious Activity Report (SAR) working groups that comb data to identify new threat patterns in their area. These types of analyses help our field offices to both stay well-informed and be more efficient in fighting financial crime.
Staying ahead of the threat requires leveraging our technological resources to their greatest potential. So we continue to look for creative ways to transform our data sets into actionable intelligence and investigations. Bank Secrecy Act (BSA) data is a great example where the public/private partnerships help us combat criminal activity in the digital age. The financial intelligence generated by BSA reporting is critical to law enforcement’s investigation and prosecution of both criminal activities and national security threats. Information from SARs, Currency Transaction Reports, Reports of International Transportation of Currency or Monetary Instruments, and other BSA reporting can also help law enforcement agencies see the broader picture of a criminal network. That data allows us to map networks, trace funds, and ultimately, thwart fraud and protect banks and other victims.
Take SARs. SAR narratives capture an incredible range of conduct. Let’s say a foreign institution establishes a U.S. bank account in order to conduct illicit transactions in U.S. dollars. Law enforcement can use reports of these correspondent bank transactions to follow financial trails, investigate specific individuals and entities, identify leads, connect the dots, and advance investigations.
We and our partners aren’t the only ones recognizing the need for creativity and innovation. Our success in working with banks to fight money laundering schemes means criminals are finding innovative ways to exploit new technologies to “clean” dirty money. Virtual currencies enable the almost instantaneous transfer of value to a recipient anywhere in the world. In some cases, though, there is then very little “paper trail” to follow should an investigation become necessary. And this issue is exacerbated by cryptocurrency tumblers—that is, services that mix tracked and clean cryptocurrencies to hide transactions and hinder law enforcement’s ability to track open ledger currencies, like Bitcoin.
As this technology proliferates, banks are becoming more comfortable with a legitimate virtual asset risk profile as part of their business. In July, the Office of the Comptroller of the Currency issued a public letter allowing any national bank to hold the cryptographic keys associated with cryptocurrencies in what are essentially virtual vaults, just as they’d hold stock certificates for investors. Like banks, payment processors are also increasingly comfortable integrating virtual assets. PayPal, for example, now supports several cryptocurrencies, enabling users to buy, hold, and sell cryptocurrency directly through PayPal. And by early 2021, PayPal plans to allow customers to use crypto assets within its merchant network to pay for goods and services.
It should be no surprise, then, that as various legitimate uses of virtual currencies become more common, these currencies have also moved to center stage for criminals. We now see predatory actors using virtual assets across all criminal platforms to launder illicit funds. And legitimate users of cryptocurrency markets and exchanges have now become tempting targets for both criminal and nation-state actors. That’s because stolen funds can be instantly transferred, and there’s no central banking entity that can immediately freeze assets and pay victims.
We see actors across a wide range of threats using virtual currencies to purchase criminal tools like botnets, launder their illicit proceeds, evade sanctions, and otherwise try to prevent us from “following the money” back to them. Virtual currencies also enable additional anonymization tools like malware-as-a-service and other dark market criminal products that make tracing illicit activity that much harder. This kind of thing used to be limited to sophisticated adversaries. But now, even relatively unsophisticated actors are using virtual currencies to cloak their activities. That proliferation requires our agents and analysts working almost every type of case to be able to recognize virtual currencies; apply sophisticated analytic techniques and tools; and use them to obtain evidence and develop leads. All this has required a significant investment in resources and training for our investigators and analysts.
As a result, the FBI has developed deep expertise in virtual currencies. We’re now getting advanced analytic techniques and tools into the hands of our professionals investigating everything from child exploitation to public corruption. And we’re drawing connections from work we do across a range of investigations to help map illicit payment networks. We’re being creative—seizing virtual currencies when appropriate, working with foreign partners to follow criminal trails overseas, and collaborating with our colleagues at other investigative agencies, the SEC, the Commodity Futures Trading Commission, and of course DOJ to stay on top of threats as they evolve. We’re also collaborating with the financial industry and with academics, both to further advance our understanding and use of existing technology, and to proactively position ourselves to see what’s on the horizon.
Technology affects every kind of threat we face. Criminals, terrorists, and nation state actors will all continue to use technology to try and anonymize and facilitate illicit activity. Which is why we must continue to invest in our own technological resources to ensure that we’re staying ahead of each threat.
That brings me to perhaps the most important section of my remarks: partnerships. Moving forward, we’ve got to use our respective strengths to work toward a common purpose: keeping our economy, our citizens, and our companies safe, secure, and confident in a digitally connected world.
We’ve got to find even more ways to work together, public and private sector. It’s not just the best option, it’s really the only option. The FBI has a long history of cooperating with law enforcement and private sector partners across the globe to confront complex criminal threats. That kind of team approach is how we’ll successfully combat financial crime. We’re exchanging valuable information with the private sector through conferences like these, and our daily discussions with corporate partners are also informing our strategic focus, by making sure we know what threats most concern you.
Overseas, we’ve got legal attachés sharing intelligence and building partnerships with both foreign law enforcement and security services and enabling a virtuous cycle of cooperation. We pass information developed through our investigations to our foreign partners, including warnings about frauds perpetrated against financial institutions and American citizens. Our partners who respond to those leads can in turn provide us with more information about the threats we all face. That information feeds our global investigations and helps us discover even more indicators the private sector can use to mitigate these threats. It also provides us with more arrest opportunities, allows us to recover more illicit funds, and it puts us in a position to generate more information to pass back to our partners in a true virtuous cycle. We’re making significant strides, we’ve had a number of successes, but we still need to collaborate even more.
You’re bringing expertise to the table. You know the risks to your institutions, you’re identifying the fraudsters, and you’re going to see emerging threats coming down the road. At the FBI, we have unique expertise too. We’re able to perform analysis and combine that with the intelligence we collect to alert you to what we’re seeing out there and how these emerging frauds can affect your financial institutions.
In turn, we need financial institutions to continue to work with us through SARs and other means and to work with our field offices to initiate cases. Which is why I hope you have a strong working relationship with the special agents and special agents in charge working in your communities. If you don’t, I encourage you to work with them to talk about your concerns and let us know how we can best help you. We now have private sector coordinators in every FBI field office. If you haven’t met that person in your city, you should make the connection.
Early notification to law enforcement can limit your losses and those of your customers. And we can respond a lot faster in times of crisis if we already have a relationship with you—if we already know your facilities and your people. As the old saying goes, the best time to patch the roof is when the sun is shining. We’ve got to keep helping each other, so we can protect each other from threats we all face. And we must place an even greater emphasis on information sharing than ever before.
* * *
Technological advances give financial criminals the means to commit crimes in new and nefarious ways. But when it comes down to it, it’s the same as it ever was: It’s all about the money. Criminals will go after it any way they can. And they never let a crisis go to waste. This pandemic has been no exception. And they’re going to exploit this environment in ways that offer the least chance of getting caught—anonymously, from behind a keyboard.
As illicit actors become more sophisticated and have greater access to technology, it means we have to be smarter and quicker about preventing and stopping fraud. The good news is that while financial criminals have access to more technological tools and institutions than ever before, we do too. And we have each other. You’re innovating, and we, too, will continue to evolve to counter the actors where they operate.
I want to thank you for your insight and your expertise as we continue to work together to combat ever-evolving financial crimes. I’ll end with a call to action. Please engage with the FBI and your local field offices. We need to keep finding ways to help each other.
Thank you. Happy to take a few questions.